Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2012
Global Payment Systems Compromised In 'Massive' Breach
Quick Hits  |  3/31/2012  | 
Vulnerable records at Visa, MasterCard could be in the millions due to unauthorized access
IT's Hottest 'Necessary Evil'
News  |  3/30/2012  | 
While IT security pros may still find themselves defending their roles, they're also in a good spot when it comes to compensation, with a median base salary bump for staffs up a tidy $7,000 this year, according to the new InformationWeek 2012 U.S. IT Salary Survey: Security
Forensic Approach To Mobile App Vulnerability Research
Commentary  |  3/30/2012  | 
Intro to a unique approach for vulnerability research on mobile apps using traditional PC forensic tools
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
Google Big Tent: Regulation Vs. Personal Responsibility
Commentary  |  3/29/2012  | 
Society should embrace the touch-the-stove approach when it comes to online common sense, explains 14-year-old Adora Svitak, author of no less than three books and advocate of techno-youth empowerment, at Google event on Web regulation.
It's (Already) Baaack: Kelihos Botnet Rebounds With New Variant
News  |  3/29/2012  | 
Botnet hunters debate whether Kelihos/Hlux operators can reclaim rescued bots
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Congress Proposes FISMA Overhaul
News  |  3/29/2012  | 
Amendments would update the 2002 law for today's federal IT environment, transfer cybersecurity oversight from Homeland Security to OMB.
YouTube Tool Blurs Faces To Protect Privacy
News  |  3/29/2012  | 
YouTube plans to give video makers an easy way to blur faces to protect the privacy of people who don't want to appear in online videos.
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/29/2012  | 
FTC privacy proposal has been both lauded and criticized, but also triggered talk on the impact on retailers, nonprofits, and online advertisers.
China Hacked RSA, U.S. Official Says
Quick Hits  |  3/29/2012  | 
And RSA official responds to Gen. Keith Alexander's telling Congress this week that Chinese attackers were behind the SecurID breach last year
Someone Left The Keys In Your Compliance System
Commentary  |  3/29/2012  | 
Information security is at the mercy of your entire staff's habits
Security Pros Worry Most About Mobile Threats, But Most Have No Way To Detect Them
Quick Hits  |  3/29/2012  | 
Many enterprises have no good way to identify mobile vulnerabilities, Tenable report says
Cybercrime's Love Affair With Havij Spells SQL Injection Trouble
News  |  3/28/2012  | 
Automated SQL injection attack tool makes database extraction as easy as a button click for cybercriminals
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/28/2012  | 
Privacy recommendations from the FTC have been both lauded and criticized, but also triggered talk on the impact of changing attitudes toward privacy
Deja Vu: Reincarnated Botnet Struck Down
News  |  3/28/2012  | 
Researchers at Kaspersky Lab, CrowdStrike, and Dell SecureWorks intercept bots from infamous spamming botnet -- but this time without the help of Microsoft and its legal team
A Single 'Pain' Of Glass?
Commentary  |  3/27/2012  | 
Is the often-pitched 'single pane of glass' a benefit to security monitoring tools or yet another point of contention?
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
Data Breach Lawsuits Less Likely In Hacks
News  |  3/27/2012  | 
Individuals whose personal data is exposed in a data breach more likely to sue if the victim organization mishandled their data, researchers find
NSA Chief: China Behind RSA Attacks
News  |  3/27/2012  | 
Chinese steal a "great deal" of military-related intellectual property, and were responsible for last year's attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.
Zetta Launches SMB Cloud Storage Platform
News  |  3/27/2012  | 
DataProtect 3.0 handles data protection, archiving, and disaster recovery in small and midsized businesses.
Apple Rejects Apps Over Privacy Concerns
News  |  3/27/2012  | 
Escalating crackdown begins on apps that use UDID numbers to try and identify unique devices.
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Vetting The Security Of Cloud Service Providers
News  |  3/26/2012  | 
A registry offered by the Cloud Security Alliance allows customers to compare the security measures of participating service providers. Is that enough to make cloud more secure?
FTP Ubiquitous And Dangerously Noncompliant
News  |  3/26/2012  | 
Its ease of use and prevalence notwithstanding, old-fashioned FTP introduces compliance and security risks
Microsoft, Financial Partners Seize Servers Used In Zeus Botnets
News  |  3/26/2012  | 
Most Zeus operations still untouched, but a noticeable dip in Zeus botnet activity spotted by one botnet-monitoring organization
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
White House Sets Cybersecurity Priorities
News  |  3/26/2012  | 
Agencies should focus on safer Internet connections, continuous monitoring of systems, and authentication, says cybersecurity chief.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Robot Jellyfish May Be Underwater Spy Of Future
News  |  3/23/2012  | 
Jellyfish-like robot, developed with Navy funds, refuels itself with hydrogen and oxygen extracted from the sea. The goal: Perpetual ocean surveillance.
Minimizing The Attack Surface Area A Key To Security
News  |  3/23/2012  | 
While many security experts lament the death of the network perimeter, the concept of attack surface area is still very much alive
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Facebook's Privacy Two-Step On Passwords, Employers
Commentary  |  3/23/2012  | 
Facebook says sharing your password with a potential employer violates its rules. But will Facebook enforce this rule, when it still doesn't confirm user ages?
Compliance In An Age Of Mobility
News  |  3/23/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility.
Megaupload Host Wants To Delete Data
News  |  3/23/2012  | 
Movie industry association wants data retained indefinitely, but hosting company says it's too expensive. Meanwhile, questions rise over why Anonymous launched retaliatory attack--and who paid for it.
Compliance In An Age Of Mobility
News  |  3/22/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
StopTheHacker Website Security Suite Adds 10 Hosting Partners Globally
News  |  3/22/2012  | 
Security solutions are now distributed in six additional countries
Technology Cannot Solve All Your People Problems
Commentary  |  3/22/2012  | 
Too many in business assume compliance is primarily a technology issue
Keep Your Friends Close, Especially If They Are Anonymous
Commentary  |  3/22/2012  | 
Sabu's traitorous ways remind us of the sage advice to keep your friends close and your enemies closer
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
Fun With REMnux -- And New Malware Analysis Book
Commentary  |  3/22/2012  | 
"Practical Malware Analysis" provides in-depth knowledge on malware analysis and includes useful lab exercises. We take REMnux for a spin with the labs
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
New Botnet Emanates From Republic Of Georgia, Researchers Say
Quick Hits  |  3/21/2012  | 
Win32/Georbot steals documents, hides from anti-malware scanners
$1.5M Fine Marks A New Era In HITECH Enforcement
News  |  3/21/2012  | 
Data breach at BlueCross BlueShield of Tennessee, and subsequent penalty, stands as example of financial fallout from poor healthcare IT security practices
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
Microsoft Donates Software To Protect Exploited Children
News  |  3/21/2012  | 
Microsoft will offer its PhotoDNA software to law enforcement free of charge to help investigators track down verified child porn.
Firefox Takes Privacy Lead With HTTPS By Default
News  |  3/21/2012  | 
Firefox users soon won't have to worry about their browsers betraying their search queries.